3

我在 Spring Boot 应用程序中使用 Spring Security 和 Waffle。我已经使用基于 Java 的 Spring 配置配置了 waffle。(见下文。)

我已将 Spring Boot 配置为使用带有 SSL 的 Tomcat(默认),但即使我恢复使用未加密的 http 连接,问题仍然存在。

如果我使用谷歌浏览器访问该网站,我可以正确验证,但在 IE11 中以奇怪的方式失败。华夫饼产生以下日志:

[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 126 byte(s)
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-1] w.s.s.NegotiateSecurityFilterProvider: - continue required: true
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue token: xxxx
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - continue required: false
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - logged in user: DOMAIN\username (xxxx)
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - roles: DOMAIN\username, xxxx, xxxxxxxxxxxxxxxxxx
[INFO ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - successfully logged in user: DOMAIN\username
[DEBUG] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:52047
[DEBUG] [http-nio-8443-exec-6] w.s.s.NegotiateSecurityFilterProvider: - token buffer: 121 byte(s)
[WARN ] [http-nio-8443-exec-6] w.s.NegotiateSecurityFilter: - error logging in user: com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid

因此,在我看来,身份验证好像成功了,但是由于某种原因,它尝试重新进行身份验证并且失败了。

我通过Chrome访问该站点时的日志类似,但登录成功后显示:

[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1
[DEBUG] [http-nio-8443-exec-1] w.s.NegotiateSecurityFilter: - GET /index.html, contentlength: -1

......从那里开始等等。

在 IE 案例中似乎也存在时间问题。有时,它会成功地从服务器加载一些内容:字体、图像等,然后突然又失败了。这是不一致的,它在不同的时间停在不同的地方。

这是华夫饼错误吗?

我的 Spring Boot 基于 Java 的配置:

@Configuration
public class WaffleConfig {

    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
            final WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public BasicSecurityFilterProvider basicSecurityFilterProvider(final WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    @Autowired
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
            final NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            final BasicSecurityFilterProvider basicSecurityFilterProvider) {
        final SecurityFilterProvider[] securityFilterProviders = {
                negotiateSecurityFilterProvider,
                basicSecurityFilterProvider };
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
            final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint = new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }

    @Bean
    @Autowired
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(final SecurityFilterProviderCollection securityFilterProviderCollection) {
        final NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }

}

和:

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig {

    @Configuration
    public static class ProductionConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)
                .httpBasic()
                    .authenticationEntryPoint(entryPoint);
        }

        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication().withUser("user").password("pa").roles("USER");
        }

        @Autowired
        private NegotiateSecurityFilter negotiateSecurityFilter;

        @Autowired
        private NegotiateSecurityFilterEntryPoint entryPoint;
    }
}
4

0 回答 0